Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4590 Views
  • 0 replies
  • 1 Likes

Configuration for GUI access through public IP

Hello all, I'm new to the Palo Alto firewalls and pardon me for my bad English as I'm not a native English speaker. I'm trying to build the below network we currently have in my workplace in an eve-ng lab. I'm not able to access the GUI through the address of eth 0/0 HQ_ISP address (203.189.70.2) with my current config. I have configured a Manag...

Security update for Palo Alto 5050

Colleagues, good afternoon. We have encountered an issue where, due to unforeseen circumstances, we had to revert to the old hardware. Could someone help with updating the security patches? We need to load them onto the device. Is there a way to download and send the updates to us? Unfortunately, we cannot officially request them as our technical ...

CyberArk RDP sessions aging-out, disconnecting users

We are working on a deployment of CyberArk for identity management. At this point our problems are not with integrating it for authentication with the Palo. Our problem is that the connectors for CyberArk in our datacenter are dropping connections when our Admins are using the RDP sessions. CyberArk gave us some docs re: creating an applicat...

How to trigger a "Response page" on Palo Alto NGFWs using URL filtering & Decryption

Hi All, I want to share my experience with the very latest configuration I did in my company's firewall infra. With the genAI evolution & most companies trying to develop their own homegrown genAI app, it was becoming a headache for my Cyber Risk team to track usage of 3rd party genAI apps (like ChatGPT, Gemini) & doing comparative analysi...

PS007 by L2 Linker
  • 2971 Views
  • 0 replies
  • 0 Likes

Best Practices for Multiple External IP

Hello Community, I have 2 blocks of public IP addresses assigned by our ISP. They are on different networks. They culminate at the single gateway provided on premise by our ISP. An external (untrust) port on our 1410 is assigned to an IP address from our first block of IP addresses. That works fine and since it needs to be up all the time I ...

peeryog by L1 Bithead
  • 618 Views
  • 0 replies
  • 0 Likes

Resolved! Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

In PAN-OS, if a specific issue (e.g., PAN-XXXXX) is addressed in a certain maintenance release, will the fix automatically be included in all later maintenance and hotfix releases of the same major/minor version, even if it is not explicitly mentioned in the release notes? For example, if an issue is fixed in PAN-OS 10.2.4 and I upgrade directly...

Resolved! Application list via show running security-policy is incomplete

Hey guys, I need to export a bunch of security rules of one of our FWs (PA-5250; 10.2.10-h9). I decided to do this via cli, but certain rules seem to have an incomplete list of applications. It looks like this: application/service [0:ms-scheduler/tcp/any/any 1:ms-scheduler/udp/any/any 2:ms-netlogon/tcp/any/49152-65535 3:ms-netlogon/tcp/any/135 4...

Using NAT64 to reach overlapping ipv4 networks

Hello! My problem is a little more complex than the scenario below, but I'm trying to keep it simple. Let's say I have a machine "v6client" on an IPv6-only network with IP 2001:db8::10. It's directly connected to an interface in virtual router vr1. Then, let's say I have two servers "server1" and "server2". Both of them have the same IP 19...

Resolved! PA-440 logging tab empty

Hi there, just got my new HA pair of two PA-440's up and running. I noticed a strange thing, the logging tab is empty, what's the cause of this? Btw, the cli shows logs via "show log traffic direction equal backward dst in x.x.x.x" Thx Daniel

Netzer by L3 Networker
  • 2947 Views
  • 5 replies
  • 0 Likes

Resolved! Bi-direction NAT logic

Hi, I have configured a static bidirectional NAT which is Trust to Untrust, source address 10.149.192.32, destination 10.90.129.51, service any, source translation 200.22.1.32, and turned the bi-directional: yes. I have the security policy any and routing 10.149.0.0/16 and 200.22.0.0/16 is Trust, 10.90.129.51 Untrust. I have done troubleshooting from Tru...

IAmJi1 by L3 Networker
  • 2703 Views
  • 5 replies
  • 0 Likes
  • 1586 Posts
  • 61 Subscriptions